Leapswitch Handles 8 Gbps DDOS Attack Well

I have a VPS with Leapswitch Networks at their Pune Data Center. The Data Center is owned and operated by Tata Communications.

I am quite happy with the uptime of the VPS and the speed and quality of support offered by Leapswitch.

The pricing of the VPS is also rock-bottom.

All of a sudden I got an email from Leapswitch:

“You may have noticed an outage today in our Pune network from 11:15 IST to 11:40 IST (GMT + 5:30). This was due to a DDoS attack on our network.

You can read about Denial of Service attacks here – http://en.wikipedia.org/wiki/Denial-of-service_attack

This attack was not targeted at any of our customers, it was targeted directly at Leapswitch Networks so we will be pursuing this matter on technical as well as legal fronts as it seems to be motivated by competition and we will get to the bottom of this.

Thank you for hosting with us.”

Then, a few days later, there was another email:

“As you may have noticed, we are facing an outage in the Pune IDC where your service is currently hosted.

The issue is due to an 8 gbps ddos attack which is targetted at TATA (the Datacenter/Network owner) and us.

Their engineers are working on mitigating this attack, and our network/servers of around 800 customers are inaccessible.

Currently we do not have an ETA , but there is a tentative ETA of 6 PM IST .

We are posting updates on our network status page – https://service.leapswitch.com/serverstatus.php , which you can continue to refer or open a support ticket/chat with us/

We understand that this affects your business and once this outage is resolved, you can open a request in our billing department for service credits.

Thank you for your patience during this difficult time.”

Now, the question is what is a “8 gbps ddos attack”.

There is a good explanation of what a DDOS attack is, how to launch one, and to mitigate it at cloudflare. Apparently, you need a “botnet herder” who has access to tens of thousands of infected computers, all of which are directed to a particular website. If you want to launch a DDOS, you can “rent” a botnet for a few hours.

It also appears that the “new normal” is 200-400 Gbps DDOS attacks, which are so massive and intense that it can completely cripple the entire network.

This means that Leapswitch Networks, with only a 8Gbps DDOS attack, got away rather lightly.

Anyway, Leapswitch resolved the problem quite quickly and sent a reassuring email:

Following our earlier outage email, we would like to provide full RFO (reason for outage) and the resolution.

RFO –

On 7th Feb 2014 and 10th Feb 2014, our network – specifically our shared / reseller platform was hit with large inbound DDoS attacks aimed at disrupting client service by flooding our network. The DDoS on 7th Feb was resolved within 30 minutes by blackholing the IP being attacked. However, on 10th Feb, the attack was distributed to different attack targets in our network and was large enough to disrupt TATA’s own services. As you may know, TATA is currently our sole upstream provider at the TATA IDC. After many blackholed IPs and mitigation of DDoS service was restored to our Dedicated servers, VPS platforms and Email Hosting at 4:15 PM on 10th Feb. Shared / reseller was still being attacked and was brought back online by around 9 PM and sites were brought online one by one after that.

Resolution –

We discussed DDoS mitigation services with multiple providers, including TATA. The fastest one to implement protection was BlackLotus Communications and I am pleased to inform you that the protection has already been implemented. It will cover worldwide incoming traffic over the next 24 hours. All inbound traffic will be filtered by BlackLotus and only clean / non-attack traffic will be passed on to Leapswitch. We will not be disclosing the amount of protection for security reasons and we recommend that you do not resell our hosting as DDoS protected hosting. All outbound traffic will go through TATA and soon, from Airtel.

Service credits –

We sincerely apologize for the outage and as it has broken our SLA, we would like to offer service credits. Please open a ticket in our Billing department in the next 15 days requesting service credits for the outage and our billing team will process the same for you.

What pleased me was the speed and quality of communication. There was the feeling that knowledgeable people were addressing the issue and knew what had to be done. I never felt that I was left in the lurch.

What is perplexing to me is why anyone would target someone so low profile as Leapswitch Networks? I can understand a hot-headed teenager launching a DDOS against a high profile website or Institution so that he can brag about it to his peers. Or, perhaps, renting a botnet is so cheap that you can use to launch a DDOS against everyone and anybody, without caring about how high profile or low profile the target is.